UAG DirectAccess: Generate and Activate Policies

Author by Shannon Fritz

UPDATE: My guide for Configuring DirectAccess with UAG Service Pack 1 has been released! Read it here.
After making changes to any of the "Edit Wizards" in UAG DirectAccess you must both Generate and Activate the policies before the changes take effect.  This is intended to mitigate potential for a change to get pushed out before it's dependancies are in place or give you an opportunity to think about what you are doing before you deploy it. So, if you are happy with your settings click the Generate Policies button. You'll be presented with a summary  of the policy settings that you will be creating and get a chance to review it or even export the script if you like. If you are happy with what you see click Apply Now.  This will create the Group Policy Objects and link them at the domain level but will only apply the computers or groups that you added in the Clients wizard.  But there is one more step... Once it is comple click OK and Close.  Now you can Activate the Policies by clicking the cog wheel icon or by selecting Activate from the File menu. This will bring up a sort of "last-change to cancel" message.  Clicking Activate will prepare the UAG server to accept the connections that you have configured and if you had a cluster of UAG servers it would pass these settings to the other member servers.  By default, it will also backup the current settings so you can roll back your changes in case something goes wrong. When it's done click Finish. Your settings are now in place.  The only thing you should need to do now is add a computer to the AD Security Group that these settings apply to (DirectAccess Enaled Computers) and run a "gpupdate" on that workstation to get the new settings.  Then that computer is ready to use DirectAccess outside of the office! At this point you are done configuring DirectAccess with UAG. The next couple posts in this series are optional reading, but you should really consider using the DirectAccess Connectivity Assistant if for no other reason than to aid in troubleshooting the first couple computers. Also, if you tie it to the same security group that used for enabling DirectAccess it helps clearly identify computers that are subject to these policies.
Next Step:
Index 1. IP Addressing the UAG Server 2. Unified Access Gateway Installation & Updates 3. Firewall and DNS Considerations 4. Certificates, Groups and Client Requirements 5. Configure other Prerequisites for UAG 6. Configuration Wizard: Clients 7. Configuration Wizard: DirectAccess Server 8. Network Location Server (NLS IIS site) 9. Configuration Wizard: Infrastructure Servers 10. Configuration Wizard: Application Servers 11. Generate and Activate Policies 12. DirectAccess Connectivity Assistant 13. What won’t work over DirectAccess

Shannon Fritz

Infrastructure Architect & Server Team Lead